ApplnNo. 10/780,098 
Amendment dated July 15, 2009 
Reply to Office Action of April 15, 2090 
Docket No. BOC9-2003-0087 (458) 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the 
instant application: 

Listing of Claims: 

1. (Currently Amended) A computer-implemented method of permitting controlled 
access to medical information of a patient, the method comprising: 

supplying medical information of the patient to a central repository by the patient 
and any medical providers who have treated the patient; 

establishing a storag e m e ans for storing and maintaining the medical information 
of the patient in the central repository : 

establishing a means for accessing the medical information by the patient or any 
other authorized user from an access device using a unique patient identifier and a patient 
PIN ; 

controlling by the patient an authorization and a scope of access to the medical 
information by the patient according to an assigned role of a user accessing the medical 
information by modifying an access control list within the patient's profile when the 
patient is connected to the central repository , wherein the access control list lists each 
authorized user and the assigned role of each authorized user , wherein the scope of access 
includes which items of medical information are available to an assigned role and how 
that information will be viewed ; 

assigning each authorized user with a unique authorized user ID and an authorized 
user PIN pin; and 

tracking and notifying the patient of an identity of an entity that a user who 
accessed the medical information, information that was accessed by the entity user , and 
when the entity user accessed the information. 
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2. (Cancelled). 

3. (Currently Amended) The method of claim 1, wherein the means for accessing the 
medical information access device is controlled using a universally unique identifier. 

4. (Original) The method of claim 1, wherein said controlling step is overridden by a 
registered emergency provider. 

5-15. (Cancelled). 

16. (Previously Presented) The method of claim 1 , wherein the patient is compensated 
for permitting some of the medical information to be available and used by a research 
institution. 

17. (Previously Presented) The method of claim 1, wherein during a doctor visit the 
patient provides access to the medical information for a time period long enough to 
support the visit at which point the access times out. 

18. (Previously Presented) The method of claim 1, wherein access to the patient's 
medical information expires when a physician logs into another room/appointment. 

19. (Cancelled). 
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20. (Currently Amended) A machine-readable storage having stored thereon, a 
computer program having a plurality of code sections, said code sections executable by a 
machine for causing the machine to perform the steps of: 

supplying medical information of the patient to a central repository by the patient 
and any medical providers who have treated the patient; 

establishing a storag e m e ans for storing and maintaining the medical information 
of the patient in the central repository ; 

establishing a m e ans for accessing the medical information by the patient or any 
other authorized user from an access device using a unique patient identifier and a patient 
PIN ; 

controlling by the patient an authorization and a scope of access to the medical 
information by the patient according to an assigned role of a user accessing the medical 
information by modifying an access control list within the patient's profile when the 
patient is connected to the central repository , wherein the access control list lists each 
authorized user and the assigned role of each authorized user , wherein the scope of access 
includes which items of medical information are available to an assigned role and how 
that information will be viewed ; 

assigning each authorized user with a unique authorized user ID and an authorized 
user PIN pin; and 

tracking and notifying the patient of an identity of an entity that a user who 
accessed the medical information, information that was accessed by the entity user , and 
when the entity user accessed the information. 

21. (Cancelled). 



4 



{WP566759;1} 



ApplnNo. 10/780,098 
Amendment dated July 15, 2009 
Reply to Office Action of April 15, 2090 
Docket No. BOC9-2003-0087 (458) 

22. (Currently Amended)The machine-readable storage of claim 20, wherein the 
means for accessing the medical information access device is controlled using a 
universally unique identifier. 

23. (Previously Presented) The machine-readable storage of claim 20, wherein said 
controlling step is overridden by a registered emergency provider. 

24. (Currently Amended) A computer-implemented system for permitting controlled 
access to medical information of a patient, the system comprising: 

a central repository storag e m e ans for storing and maintaining medical information 
of the patient , the medical information of the patient being supplied to the central 
repository by the patient and any medical providers who have treated the patient ; 

matins on cicccss device for accessing the medical information by the patient or 
any other authorized user , the patient accessing the medical information from the access 
device using a unique patient identifier and a patient PIN, each authorized user accessing 
the medical information from the access device using a unique authorized user ID and an 
authorized user PIN ; and 

at least a processor configured to 

means for controlling control by the patient an authorization and a scope of 
access to the medical information by th e pati e nt according to an assigned role of a 
user accessing the medical information by modifying an access control list within 
the patient's profile when the patient is connected to the central repository , 
wherein the access control list lists each authorized user and the assigned role of 
each authorized user, wherein the scope of access includes which items of medical 
information are available to an assigned role and how that information will be 
viewed ; 
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means for assigning assign each authorized user with a unique authorized 
user ID and an authorized user PIN pift, and 

means for tracking and notifying track and notify the patient of an identity 
of an entity that a user who accessed the medical information, information that 
was accessed by the entity user , and when the entity user accessed the information. 



25. (Cancelled). 



26. (Currently Amended) The system of claim 24, wherein the access device means 
for controlling th e m e ans for acc e ssing th e medical information comprises is controlled 
using a universally unique identifier. 



27. (Currently Amended) The system of claim 24, wherein s 
the access of the medical information may be the access control is overridden by 
registered emergency providers. 
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